In weniger als einer Minute können Sie mit dem Lesen von Hacking: The Art of Exploitation: The Art of Exploitation auf Ihrem Kindle beginnen. Sie haben noch keinen Kindle? Hier kaufen Oder fangen Sie mit einer unserer gratis Kindle Lese-Apps sofort an zu lesen.

An Ihren Kindle oder ein anderes Gerät senden

 
 
 

Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.
Hacking: The Art of Exploitation: The Art of Exploitation
 
 

Hacking: The Art of Exploitation: The Art of Exploitation [Kindle Edition]

Jon Erickson
4.5 von 5 Sternen  Alle Rezensionen anzeigen (4 Kundenrezensionen)

Kindle-Preis: EUR 21,19 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 21,19  
Taschenbuch EUR 45,00  

Kunden, die diesen Artikel gekauft haben, kauften auch


Produktbeschreibungen

Kurzbeschreibung

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.


Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.


Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:


  • Program computers using C, assembly language, and shell scripts




  • Corrupt system memory to run arbitrary code using buffer overflows and format strings




  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening




  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems




  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence




  • Redirect network traffic, conceal open ports, and hijack TCP connections




  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix



Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the accompanying Linux environment, and all you need is your own creativity.

Synopsis

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.This book will teach you how to: Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence Redirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art.

Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.


Produktinformation

  • Format: Kindle Edition
  • Dateigröße: 1137 KB
  • Seitenzahl der Print-Ausgabe: 492 Seiten
  • ISBN-Quelle für Seitenzahl: 1593271441
  • Verlag: No Starch Press; Auflage: 2 (12. August 2010)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • ASIN: B004OEJN3I
  • Text-to-Speech (Vorlesemodus): Aktiviert
  • X-Ray:
  • Durchschnittliche Kundenbewertung: 4.5 von 5 Sternen  Alle Rezensionen anzeigen (4 Kundenrezensionen)
  • Amazon Bestseller-Rang: #71.625 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?


Kundenrezensionen

3 Sterne
0
2 Sterne
0
1 Sterne
0
4.5 von 5 Sternen
4.5 von 5 Sternen
Die hilfreichsten Kundenrezensionen
7 von 7 Kunden fanden die folgende Rezension hilfreich
Format:Taschenbuch
Whow - this book gives a brief introduction to C, shell and Assembler programming, gcc and the (immensly powerful) gdb debugger. In no time the author takes readers into the subtleties of buffer-overflows, synflood-attacks and other nice-to-know stuff.

His programming samples are very well chosen - at a first glance they show only simple programming tasks. A second look, expertly lead by author J. Erickson, unveils the hidden "features" and errors leading to potential attacks - brilliant!

But: Imho this book contains advanced geek-stuff. Don't expect non-programmers to really understand much of it...

The included Linux-Live-CD contains a well-prepared (Ubuntu) environment with all samples and required tools. Startup time from this CD is a major hassle - the publishers could improve by providing typical virtual-machine images (e.g. for Parallels and VMWare) - but that might be just personal taste.

A note for Mac users: At least on my (Leopard 10.5.4) MacBook, the samples simply didn't compile with the Apple gcc - be prepared for some updates.

Summary: You're not going to be a "real" hacker after reading this book. Yes - the other's are right: You can find more info online... but still the book is, in my opionion, a very good intro into the various aspects of "breaking" certain parts of other people's software...
War diese Rezension für Sie hilfreich?
3 von 4 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Unbedingt zu lesen 9. Oktober 2009
Format:Taschenbuch|Verifizierter Kauf
Ein wunderbarer Paedagoge. Hacking ist zwar in aller Munde und in jeder Zeitung, aber endlich ist zu verstehen, was da eigentlich passiert. Ausserdem sehr vergnueglich zu lesen und spannend wie ein Krimi von Stieg Larsson. Ein Muss fuer jeden Programmierer.
War diese Rezension für Sie hilfreich?
5.0 von 5 Sternen Great book! 10. September 2013
Format:Taschenbuch|Verifizierter Kauf
Well written.
Programming part is amazing.
It's first handbook which guides you from really beginning.
Attached CD gives you enough place to practice discussed topics.
War diese Rezension für Sie hilfreich?
Von Earl
Format:Taschenbuch|Verifizierter Kauf
Wie der Titel der Rezension es schon sagt, halte ich dieses Buch für einen guten Einstieg in die Welt des Exploitings. Der Autor führt ausführlich mit guten Anleitungen in die grundsätzlichen Verfahrensweisen ein und gibt einen ersten Anreiz, dass man die Denkweise, die man bei seiner Arbeit an den Tag legen sollte, verinnerlicht bzw. überhaupt aufbaut.
Der Einführungspart in C am Anfang des Buches hätte etwas kürzer gefasst werden können. Leute, die C schon kennen bzw. generell Erfahrungen im Bereich Programmierung haben, werden diesen Part sicherlich überspringen, da sie ihn - wie ich auch - für unnötig erachten werden.
Alles in allem ein gutes Buch, das nicht zu trocken an das Thema heranführt und zum eigenen Arbeiten anregt!
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 4.5 von 5 Sternen  81 Rezensionen
99 von 104 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen clever tricks and easy to follow exercises 27. März 2008
Von Henrik Lund Kramshøj - Veröffentlicht auf Amazon.com
Format:Taschenbuch
Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.

Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.

I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.

Links:
The home page for this book is: [...]
50 von 53 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Excellent book for the right kind of reader 28. Juli 2011
Von Richard Bejtlich - Veröffentlicht auf Amazon.com
Format:Taschenbuch
This is the last in a recent collection of reviews on "hacking" books. Jon Erickson's Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.

H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.

The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.

Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
29 von 34 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen Find out how deep the rabbit hole really goes 20. Januar 2009
Von Lance C. Hibbeler - Veröffentlicht auf Amazon.com
Format:Taschenbuch|Verifizierter Kauf
The easiest way to sum up this book is simply "wow." Erickson discusses the fundamentals of exploits (hacks) on local machines and remote machines, and also hits on a bit of cryptology. The meat of book is sandwiched by something of an inner dialogue and history of hacking, which alone are worth the cost of the book. This book is not for the layman or the faint of heart- you have to know how to write code, and you have to at least know how to read Intel x86 assembly, if not write it. It also doesn't hurt to know how programs are actually executed- beyond just double-clicking an icon- I'm talking about stacks and heaps and everything else. The second chapter is possibly the most elegant summary of programming and the C language I have ever seen, ever, but nothing beats a few years "in the trenches."

So once you've refreshed your basics of programming, Erickson gets right into it, discussing buffer overflows. He builds up from the most simple concepts into more and more complicated tools- which seems to be exactly how we have arrived at modern exploits; the hackers and the anti-hackers have been co-evolving over the years. Next comes hacking remote machines, including how to cover your tracks- which I found to be some of the most devious ideas presented. If you take your time, and run some of the exploits yourself on the included CD, you will come away with an incredible knowledge of how many exploits work from their most fundamental level. If you're anything like me, you will enjoy the "hunt" of trying to counter the exploit before Erickson explains the solution. Also, if you're anything like me, you will walk away from the book shaking your head at the rut called ASCII that we've worked ourselves into.

<rant> I think this is another one of those books that needs to be on a mandatory reading list for all CS bachelors degree. It seems to me that most of the exploits wouldn't be a problem if programmers were a bit more diligent in their coding. strcpy() is your enemy, strncpy() is your friend. Always always ALWAYS be 100% suspicious of any input supplied from a user- check for illegal characters. Instead of if(functionThatReturnsTrue), try if(functionThatReturnsTrue == True). The list goes on and on. Computers do only what they are told, and if you leave a hole in your program that allows someone else to tell the computer what to do to save yourself the second or two it takes to hit a few more keys, well then you deserve to be hacked and summarily lose your job. Due diligence: do it- maybe then the real engineering disciplines won't be so mad when code monkeys call themselves engineers. </rant>

From what I can gather, the first edition was too terse. I think the second edition was a bit long-winded at times. And there's no discussion of hacking a Windows machine. However, this is still by far the best general hacking book out there.
62 von 78 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen Hacking: Not for Script Kiddies... 11. Januar 2008
Von W. B. MCCORKLE Jr. - Veröffentlicht auf Amazon.com
Format:Taschenbuch
Jon Erickson's _Hacking_ is undoubtedly an interesting book, and one that perhaps appeals only to a small subsection of the hacker culture, those who want to learn techniques for exploitation at the conceptual level, aided by plenty of dense examples of code to illustrate those concepts. Erickson's background is in computer science, and he is a corporate lecturer on the subjects of cryptology and network security. With these bona fides, you might expect Erickson to treat the topic professionally and scientifically--and you would be right. Erickson's book is full of interesting and highly useful bits of information on cryptology, ciphers, information theory, and so on, but readers should prepare themselves for a somewhat pedantic, textbook-like style of writing. Having made such preparations, the book does open up for the reader who is looking to learn or brush up on some programming fundamentals.

The majority of _Hacking_ is very technical and deals with programming techniques. The author warns us as much in his Preface, saying that general programming knowledge is necessary in order to make your way through the book. Additionally, those looking for examples of different code flavors will find that Erickson works exclusively with the Gentoo Linux distro, the idea being that the examples are illustrative of techniques and strategies, especially if you are used to a different programming language. Otherwise, you might consider this book a useful primer on Linux, offering practical examples of various exploits, encryption/decryption, and so on.

The bulk of the book is divided into three sections: "Programming" (writing shellcode, dissemblers, and generalized exploiting techniques), "Networking" (Network sniffing and hijacking, DOS attacks, and port scanning), and "Cryptology" (developing algorithms, password cracking techniques, and WEP attacks). Each of these sections is replete with many detailed examples of code (sometimes pages long) for your referencing pleasures. Personally, I'm more drawn to the socio-political content found in the entirely-too-short Introduction, Conclusion, and Reference sections, which despite their underdeveloped feel, offer readers Erickson's thoughtful perspective on hacking (discovering and exploring system vulnerabilities is a valuable practice when done for noble ends, or in his own words, "Information itself isn't a crime"), a brief look into the history and ethics of early hacker culture (a learn-but-do-no-harm ethic borne of the 1950s MIT model railroad crowd, the distinction between hackers and crackers, and his thoughts on the importance of pursuing creative problem-solving strategies within closed logical structures), and a number of links to potentially useful web tools (hexadecimal editors and fuzzy fingerprint generators, for instance). On the whole, I found myself wishing that these sections had been developed further, as they might help broaden the potential readership for this book.

As a bookshelf resource, I can see this book being an invaluable contribution to the library of the hacker whose interests in the subject are shaped by theoretical or academic ways of thinking. Otherwise, it's not exactly a page-turner, and I don't expect social engineers, tinkerers, and certainly not skript kiddies to be the audience for this book. Nevertheless, it is important in that it marks a serious contribution to the art, science, and philosophy undergirding hacker culture. For good or for ill, it marks an attempt to formalize or legitimize a body of knowledge that has historically relied upon and even relished its underground status.
9 von 9 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Excellent security book 25. Mai 2008
Von krishd - Veröffentlicht auf Amazon.com
Format:Taschenbuch
I found the book a pleasure to read. The book explains the fundamental concepts of hacking very well. The treatment of exploits like buffer overflow, format string vulnurabilty is very good. The chapters on networking, shellcode are also very good. All throughout the book every concept is explained by extensive source codes (with clear accompanying commentary). All in all this is a great book to start learning the concepts of hacking and security.
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Beliebte Markierungen

 (Was ist das?)
&quote;
The EIP register is the Instruction Pointer register, which points to the current instruction the processor is reading. &quote;
Markiert von 8 Kindle-Nutzern
&quote;
The first four registers (EAX, ECX, EDX, and EBX) are known as general purpose registers. These are called the Accumulator, Counter, Data, and Base registers, respectively. &quote;
Markiert von 7 Kindle-Nutzern
&quote;
The second four registers (ESP, EBP, ESI, and EDI) are also general purpose registers, but they are sometimes known as pointers and indexes. These stand for Stack Pointer, Base Pointer, Source Index, and Destination Index, respectively. &quote;
Markiert von 7 Kindle-Nutzern

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden